An attack on the Needham-Schroeder public-key authentication protocol
Information Processing Letters
Using encryption for authentication in large networks of computers
Communications of the ACM
Normalizable Horn Clauses, Strongly Recognizable Relations, and Spi
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Handbook of automated reasoning
Handbook of automated reasoning
Resolution decision procedures
Handbook of automated reasoning
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Protocol Insecurity with Finite Number of Sessions is NP-Complete
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Tree automata with one memory set constraints and cryptographic protocols
Theoretical Computer Science - Automata, languages and programming
Verification of cryptographic protocols: tagging enforces termination
Theoretical Computer Science - Foundations of software science and computation structures
Information Processing Letters
Security protocols: from linear to classical logic by abstract interpretation
Information Processing Letters
Information Processing Letters
RTA'03 Proceedings of the 14th international conference on Rewriting techniques and applications
Security properties: two agents are sufficient
ESOP'03 Proceedings of the 12th European conference on Programming
Cryptographic protocol analysis on real c code
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Iterative specialisation of horn clauses
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Hi-index | 0.00 |
We consider secrecy problems for cryptographic protocols modeled using Horn clauses and present general classes of Horn clauses which can be efficiently decided. Besides simplifying the methods for the class of flat and one-variable clauses introduced for modeling of protocols with single blind copying [7,25], we also generalize this class by considering k-variable clauses instead of one-variable clauses with suitable restrictions similar to those for the class S+. This class allows to conveniently model protocols with joint blind copying. We show that for a fixed k, our new class can be decided in DEXPTIME, as in the case of one variable.